Re: How to get an unix programmer started on web programming?



Anonymous wrote:

Sorry Andrew, but that's a load of BS. Any non-trivial computer program (including PHP scripts, of course) contains errors, which could potentially be security hazards. Add to that (potentially even undiscovered) bugs in the OS, the webserver, PHP itself, ... and the only possible conclusion is, what every security expert has been preaching for quite a lot of years: The only computer that is safe from being hacked is a computer not connected to the net.

And therein lies the paranoia! By that standard nothing would be connected to the net and the net as we know it would not exist! Are you seriously advocating that?!? If so then you might as well just get rid of PHP as it'd be useless. Nothing's safe. No computer should be connected to the net therefore you don't need Apache, the web, email or anything.


Granted nothing is bug free and nothing is 100% secure. That always was and will always be. But don't use that as an excuse to hide your head in the sand and hide useful data from everybody. There are tremendous benefits that we all enjoy from the explosion of the sharing of information that the net has widened to the masses. Yes indeed there are risks. But when you weigh the risks and the benefits I think it's clear that most people believe the benefits outweigh the risk, with suitable precautions taken, despite what the "security expert" naysayers say.

So what Jerry suggested is the only sensible thing to do and certainly not overkill.

You are certainly entitled to your opinion but please also allow me mine.
--
Anytime four New Yorkers get into a cab together without arguing, a bank robbery has just taken place.